Quantum criminals

Quantum computers promise to perform wonders, but what would happen if they fell into the wrong hands?

With Christmas just around the corner, half the UK now chooses to escape the hustle and bustle of the high street and shop for presents online. Encrypted internet connections make it safe to pay a trusted online retailer without fear that your card details will be plucked out of cyberspace by a criminal.

This could all change with the arrival of quantum computers. Harnessing weird quantum phenomena such as entanglement and superposition, their computing power will far exceed the most powerful supercomputers around today.

Whilst for the most part this is a great thing, the possibility that cyber criminals will get their mitts on a quantum computer puts current encryption systems under threat. ‘If a quantum computer comes along, there are severe implications for the way we do things at the moment’, says Keith Martin, Professor of Information Security at Royal Holloway, University of London.

The good news is that cryptographers know this and they’re already on the case.

How does data encryption work?

Two types of cryptography are currently used to secure information online: symmetric cryptography and public key cryptography.

With symmetric cryptography, sender and receiver (nicknamed Alice and Bob) use the same key to scramble and unscramble data. ‘This is the traditional model of cryptography’, explains Martin.

From an attacker’s perspective, the only way around is by brute force, painstakingly testing every possible key one by one, a bit like trying to find the combination on a padlock.‘If you set the key to be long enough, then that task becomes practically impossible’, comments Martin.

Currently keys are commonly 128 bits long meaning that there are 2^128 possible combinations. It’s estimated that it would take 150 thousand trillion years to test all of these individually – long enough to guarantee that your credit card, the criminal, and probably the entire human race would have expired by the time the correct combination was found.

Enter the quantum computer

One reason quantum computers will be so much fasters is that they can perform many calculations simultaneously, meaning they could feasibly crack a 128 bit key in far less time. The solution is remarkably simple: just increase the number of bits to 256 and it’s estimated that even a quantum computer would be unable to find the key quickly.

The problem with symmetric encryption, however, is that before it can work, Alice and Bob need to somehow share a key without it being intercepted.

For this reason internet encryption systems also use what’s known as public key encryption. This is a more complex and therefore slower process, so it is usually used to exchange a symmetric key at the beginning of the communication so that symmetric encryption can be used thereafter.

One way street

Public key encryption allows data to be encrypted using a public key that can be shared freely with anyone, but a different - private - key is used to decrypt the data. So if you’re buying from Amazon, Amazon sends you a public key, your computer uses it to encrypt a symmetric key and sends it, but only Amazon has the private key to unscramble the message and retrieve the symmetric key.

This works thanks to specially designed algorithms which use mathematical problems to create a one way system where a calculation can easily be done one way but the reverse calculation is very difficult.

One example is multiplying large prime numbers together to create a public key. This is very easy to do, but the reverse calculation – breaking a very large number down into its constituent primes (aka prime factorisation) takes so long it verges on impossible.

Well, impossible for a normal computer maybe. ‘Come a quantum computer, public key encryption as we know it is finished,’ says Martin. A quantum computer could run algorithms capable of solving prime factorisation in a reasonable time, making this type of encryption obsolete.

This means that the cryptography research community is now racing to design encryption algorithms for which nobody has a solution. Quantum computers won’t be around for another couple of decades and Martin is confident that cryptographers will have algorithms ready in time.

The weakest link

Internet encryption may be crime-proof for now, but unfortunately criminals know all too well how to exploit other weaknesses. ‘From the point at which the data leaves your computer and arrives at the retailer’s server, it cannot be read by anyone’, says Martin. ‘But of course it’s vulnerable everywhere else.’

Retail sites with poor security controls can leak data (accidentally or sometimes intentionally), allowing databases of card details to fall into the hands of criminals.

In many cases however the weakest point is you. Consumers are frequently targeted by so called phishing attacks, where they receive an email purportedly from their bank or email account provider asking for their login or card details.

Cyber criminals are likely to stick with these tried and tested tactics even with quantum computers around, so keeping your wits about you is the best way to stay safe.